It is possible to block sign-in for AD users using the Block Sign-In property in B2C. The general solution is to use the "accountEnabled" property to manage it via Graph API.
But it seems it doesn't work for external IDPs (social ones such as Google, Facebook, etc.).
https://learn.microsoft.com/en-us/answers/questions/1164502/b2c-block-sign-in-for-social-(google-facebook)-and
There are two ways to do this:
Unfortunately, in a solution with the default accountEnabled prop, it is impossible to reach the redirect orchestration step, because the default validator throws an error if Block Sign-In is TRUE and terminates the UserJourney for users who are using AAD as the IDP.
Is it possible to override the default accountEnabled validation behavior to have the same redirection for all types of IDPs? Or is the only way to use a custom extension_accountEnabled prop and redirect to an error page based on it?
Thanks.